Back to skill
Skillv0.1.0
VirusTotal security
Dl Transformer Finetune · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:38 AM
- Hash
- ab1359e9082dde08ce3fb982e01f73f75b62a89ae76a68b96ee904f7c79ec10e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dl-transformer-finetune Version: 0.1.0 The `scripts/build_finetune_plan.py` script takes user-controlled file paths for `--input` and `--output` arguments. This creates a vulnerability for potential arbitrary file read (limited to JSON-parsable files) and arbitrary file write on the local filesystem. While the script's intended purpose is benign (generating fine-tuning plans), this capability could be exploited by a malicious actor manipulating the agent's arguments to access or modify sensitive files. There is no evidence of intentional malicious behavior like data exfiltration or remote code execution within the script or prompt injection attempts in `SKILL.md`.
- External report
- View on VirusTotal